Cloudflare DevelopersCD
Cloudflare Developers6mo ago
ioweb-gr

authenticated origin pulls not sending the certificate

I have enabled in my domain the SSL Mode to Full (Strict)

And also toggled the authenticated origin pulls

However when enabling the custom log format as below 

log_format clientcert '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$ssl_client_s_dn($ssl_client_serial)" $ssl_client_fingerprint';


In the log I don't see the certificate arriving 

[08/Jul/2025:13:59:32 +0300] "GET /sales/men/shopby/****.html HTTP/1.1" 200 84858 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" "-(-)" -


Moreover if I change the verification from optional to on as expected it shows 400 Bad Request, no certificate.

What could be missing to enable authenticated origin pulls and send the actual certificate?

I downloaded the certificate authenticated_origin_pull_ca.pem and installed on nginx from the knowledgebase url.
image.png
image.png
Was this page helpful?